Forum Discussion

NoamRotter_1534
Jan 22, 2017

Convert UPN from X509 to sAMAcountName

Hello,

I have this code to get UPN to a variable named session.logon.last.upn:

Code
# Walk the certificate's X.509 extension text one line at a time and return the
# UPN from the Subject Alternative Name othername entry (the text between < and >).
set e_fields [split [mcget {session.ssl.cert.x509extension}] "\n"];
foreach qq $e_fields {
    if {[string first "othername:UPN" $qq] >= 0} {
        return [string range $qq [expr { [string first "<" $qq] + 1 }] [expr { [string first ">" $qq] - 1 }]];
    }
}
# No UPN entry in the certificate
return ""

This works fine.

Now, I need to query my AD/LDAP to convert the UPN to sAMAccountName.

i.e: if UPN is: 012345678@local

sAMAccountName will be: testuser@domain.local

How do I query the AD/LDAP and find the sAMAccountName based on the UPN?

Thank you,

Noam.

1 Reply

  • You can add an 'AD query' agent to the access policy and use the following SearchFilter and set SAMAccountName as a 'Required Attribute'. After that you can read the SAMAccountName from 'session.ad.last.attr.sAMAccountName'.

    (userPrincipalName=%{session.logon.last.upn})
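Added example, not code from the thread or from F5: the same othername:UPN walk in Python over a constructed extension dump, followed by RFC 4515 escaping of the value before it is placed in the (userPrincipalName=...) filter, which is the check to make whenever a value taken from a certificate is interpolated into a search filter. It goes slightly beyond the Tcl above by returning an empty string for an entry without a matching pair of angle brackets instead of a truncated value.

```python
# Constructed sample of the per-line extension text the Tcl snippet walks
# (one X.509 extension entry per line); not captured from a real APM session.
SAMPLE_X509EXT = (
    "X509v3 Key Usage: critical\n"
    "Digital Signature, Key Encipherment\n"
    "X509v3 Subject Alternative Name:\n"
    "othername:UPN<012345678@local>, email:user@local\n"
)


def extract_upn(x509ext: str) -> str:
    """Same walk as the Tcl expression: first line containing 'othername:UPN',
    value between the first '<' and the first '>'. Returns '' when absent or
    when the entry has no well-formed <...> part (the Tcl does not check this)."""
    for line in x509ext.split("\n"):
        if "othername:UPN" in line:
            start = line.find("<")
            end = line.find(">")
            if start == -1 or end <= start:
                return ""
            return line[start + 1:end]
    return ""


# RFC 4515: characters that must be hex-escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_upn_filter(upn: str) -> str:
    """The search filter the AD Query agent sends, with the UPN escaped first."""
    return f"(userPrincipalName={escape_filter_value(upn)})"


if __name__ == "__main__":
    upn = extract_upn(SAMPLE_X509EXT)
    print(upn, "->", build_upn_filter(upn))
```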